📦 Chrome DevTools MCP — 浏览器自动化

Name: Chrome DevTools MCP — 浏览器自动化
Rating: 2

v1.0.0

Google 官方浏览器自动化与测试服务器，通过 MCP 协议驱动 Puppeteer 控制 Chrome：点击、填表、导航等操作一键完成。

2· 2.3k·30 当前·32 累计

by @aiwithabidi

浏览器自动化开发工具自动化测试工具 API工具

下载技能包

最后更新

2026/4/22

安全扫描

VirusTotal

可疑

查看报告

OpenClaw

安全

medium confidence

NULL

评估建议

This skill appears to do what it says: start and test a Chrome DevTools MCP server via the chrome-devtools-mcp npm package. Before installing or enabling it, consider: 1) npx -y chrome-devtools-mcp@latest fetches and runs code from the npm registry at runtime — pin a specific version (not @latest) if you want reproducibility and lower supply-chain risk. 2) The MCP server can control a browser and access any page you visit; avoid exposing sensitive pages or credentials to automated sessions. 3) T...

详细分析 ▾

✓ 用途与能力

The name/description (Chrome DevTools MCP) aligns with the declared requirements and instructions: Node.js and Chrome/Chromium are the expected dependencies, and the SKILL.md and setup script all center on starting/configuring the MCP server. No unrelated credentials, binaries, or system paths are requested.

✓ 指令范围

SKILL.md describes only browser automation operations and how to start the MCP server. The included setup script checks for node/npx/Chrome, pre-caches the npm package, prints an openclaw.json snippet, checks ~/.openclaw/openclaw.json for configuration, and can start a headless MCP server for a quick test. It does not attempt to read unrelated files or request secrets.

ℹ 安装机制

There is no formal install spec; instructions rely on npx to fetch and run chrome-devtools-mcp@latest from the npm registry. Using npx @latest is a normal way to run CLI tools but means remote code is fetched at runtime (unpinned). This is a supply-chain risk: if the npm package is compromised or a different package is published under the same name, arbitrary code could run. The package homepage points to an official ChromeDevTools repo, which mitigates concern but does not eliminate the live-download risk.

✓ 凭证需求

The skill requests no environment variables, no credentials, and only references a local config path (~/.openclaw/openclaw.json) for verifying/printing MCP config. The setup script's accesses are proportional to its stated purpose (setup/status/test).

✓ 持久化与权限

The skill is not always-enabled, does not request elevated privileges, and does not modify other skills or system-wide settings. The setup script prints configuration for openclaw.json but does not write to system files by itself. The test command launches an MCP server process (expected behavior).

安全有层次，运行前请审查代码。

运行时依赖

无特殊依赖

版本

latestv1.0.02026/2/21

NULL

● 可疑

安装命令

点击复制

官方npx clawhub@latest install chrome-devtools-mcp

镜像加速npx clawhub@latest install chrome-devtools-mcp --registry https://cn.longxiaskill.com

数据来源：ClawHub ↗ · 中文优化：龙虾技能库